Log Fidelity Corp.

LogClarity® Data Mining & Forensics


Unprecedented Forensic and Data Mining

LogClarity® provides two distinct event log forensic search capabilities: Quick Search and Advanced Search. LogClarity® provides unmatched log search capabilities for Windows logs and syslog-formatted logs. LogClarity® caters to the features of each log type and overcomes its limitations, so the needs of each log type (i.e. Windows security logs versus syslog-style logs) can be accommodated. LogClarity® provides the best of both worlds by providing agile and effective search methodologies for all log types.

LogClarity’s Quick Search is used more often when a user wants to data mine event logs without searching for a specific problem. Quick Search is perfect for starting with a simple user, group, or Organizational Unit-based search. LogClarity’s object-style log categorization actually restructures the Windows event logs, so that data mining using LogClarity® is simplified. LogClarity® makes it easy to view any event that has occurred based on a particular Object type, rather than using the traditional Event ID or regular expression methods. This method provides much more flexibility in event log searching.

For example: Frank Wilson is an administrator with ABC Company. He wants to data mine Bill Jones’s activity, because Bill has given his two weeks' notice. Bill is leaving the company, which means he may be a risk to the enterprise in a number of ways. Using LogClarity®, Frank can simply put Bill’s user account in the Quick Search window. LogClarity® instantly retrieves all of Bill’s activity for the time/date period specified.

Normally, data mining account activity can be much more difficult to gather and review. Wading through thousands of event records is where data mining usually begins. That painful exercise can discourage many users from searching through logs manually. LogClarity® can easily give users the exact data needed, even with the Quick Search feature.

LogClarity® also has a very powerful complementary tool called the Smart Filter. The LogClarity® Smart Filter is designed to work in conjunction with either search method. However, it is most commonly used with Quick Search. The Smart Filter allows the LogClarity® user (i.e. Frank in this case) to filter other Objects and/or attributes from view. This is a very powerful feature when performing forensic searches, because it can narrow down the scope of the search. Users can easily get to the root of what they are looking for using the Smart Filter.

LogClarity’s Advanced Search has much more sophisticated search capabilities but still retains the ease of use that the Quick Search provides. Any log type, including its specific Objects, parameters or attributes, can be easily queried in seconds. Advanced Search is used when the user has some level of knowledge about what they may be looking for. Advanced Search enables users to search for specific event patterns or multiple groups of categories at one time. Smart Filter can also be used in conjunction with Advanced Search to filter out Object categories from view. LogClarity® provides the most efficient, agile forensics and data mining options, which offer the best of all worlds.

The LogClarity® suite offers complete log management and security coverage over the entire enterprise: domain controllers, member servers, databases, UNIX servers, firewalls and much more. LogClarity® has five powerful modules to help increase security, improve network and server operations and meet compliance requirements. LogClarity® is able to accomplish all of these tasks by removing the painful manual efforts related to log management, as well as by providing unique forensic methods and alert capabilities that no other tool has available today.

Find out how the LogClarity® Enterprise Solution can assist your organization with increasing security, meeting compliance and automating the log management lifecycle.


Copyright © 2011 Log Fidelity Corp.